US-8098828

Key distribution

Published: January 17, 2012
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.

Patent Claims
19 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method implemented in a machine-readable medium and to execute on a router, comprising: initially interacting, by the router, with an identity service to receive a new key that defines a recognized format for transmissions, wherein an old key was associated with an unrecognized format for other transmissions; detecting, by the router, a first data transmission in the unrecognized format, the first data transmission is received from a participant using the old key; forwarding, by the router, the first data transmission to the identity service along with an identifier for the participant; receiving, by the router, a second data transmission in the unrecognized format from the identity service; forwarding, by the router, the second data transmission to the participant, wherein the second data transmission is used to configure the participant with the new key; and receiving, by the router, a third data transmission from the participant in the recognized format using the new key.

2. The method of claim 1, wherein detecting further includes receiving an Internet Protocol (IP) address as the identifier for the participant as part of a Transmission Control Protocol (TCP) header associated with the first data transmission.

3. The method of claim 1, wherein forwarding the first data packet further includes mapping an Internet Protocol (IP) address associated with the participant to previously retained identity information for the participant and forwarding the identity information as the identifier to the identity service.

4. The method of claim 1 further comprising, interfacing, by the router, to an Internet Service Provider to provide Wide-Area Network (WAN) connectivity to the participant.

5. The method of claim 1 further comprising, delegating, by the router, responsibility of determining whether the participant is legitimate and should receive the third data transmission in the recognized format to the identity service.

6. The method of claim 1 wherein receiving the third data transmission further includes using the identity service to facilitate authenticating and dynamically configuring the participant for participation within a secure network.

7. A machine-implemented method to execute on a router, comprising: providing, via the router, a local secure network to processing devices by encrypting communications within the local secure network between the processing devices and the router; interfacing, via the router, the processing devices to a Wide-Area Network (WAN) via an Internet Service Provider; dynamically changing, via the router, an initial encryption key used for encrypting the communications within the local secure network without notifying each of the processing devices, the initial encryption key changed to a new key; detecting, via the router, a particular communication from a particular processing device in an unrecognizable format indicating the particular processing device was not notified of the new key and that the particular communication is using the initial encryption key; forwarding, via the router, the particular communication to an identity service; forwarding, via the router, a response communication in the unrecognized format being sent from the identity service to the particular processing device, the response communication using the initial encryption key; and identifying, via the router, new communications from the particular processing device occurring in a recognized format using the new key, the response used to configure the particular processing device with the new key.

8. The method of claim 7, wherein providing further includes identifying the processing devices as one or more of laptops, personal digital assistants, phones, and intelligent appliances.

9. The method of claim 7, wherein interfacing further includes using, via the router, a wireless connection that employs Wired Equivalent Privacy (WEP) protocols for the communications.

10. The method of claim 7, wherein dynamically changing further includes determining that the particular participant is not logged into the local secure network when the initial encryption key is changed to the new key so that the particular participant receives no notification of the change.

11. The method of claim 7, wherein dynamically changing further includes determining that the unrecognized format is an indication that the particular participant is still using the initial encryption key for the communications and has not received notice to switch to the new encryption key associated with the recognized format.

12. The method of claim 7 further comprising, relying, via the router, on the identity service to configure the particular participant with the new encryption key to change the unrecognized format for the communications to the recognized format using the new encryption key.

13. The method of claim 7, wherein detecting further includes identifying, by the router, an Internet Protocol (IP) address associated with the unrecognized format of the communications and providing that IP address to the identify service for verification before the identity service supplies the new encryption key to the particular participant.

14. A machine-implemented system, comprising: a router configured to forward traffic from edge devices in an unrecognized format using an old encryption key and within a local secure network to an identity service and to relay responses in the unrecognized format from the identity service to the edge devices, the unrecognized format is unrecognized to the router that is forwarding the traffic and the responses; and the identity service configured to recognize the unrecognized format as communications utilizing the old encryption key and to provide a new encryption key to the edge devices for use with subsequent communications by the edge devices within the local secure network format that the router recognizes.

15. The system of claim 14, wherein the router is configured on a backend to interface with an Internet Service Provider to provide Wide-Area Network (WAN) connectivity to the local secure network and the edge devices.

16. The system of claim 14, wherein the router identifies Internet Protocol (IP) addresses of the edge devices supplied in the traffic that is in the unrecognized format, and the IP addresses provided by the router to the identity service.

17. The system of claim 16, wherein the router maps the IP addresses to previously retained identity information for the edge devices and supplies the previously retained identity information to the identity service.

18. The system of claim 14, wherein the router interacts with the identity service to receive the new key before the traffic is detected in the unrecognized format within the local secure network by the edge devices.

19. The system of claim 14, wherein the identity service is configured to authenticate the router and each of the edge devices for participation within the local secure network.
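The three-transmission rollover recited in claims 1 and 14 can be traced in a small simulation. This is an added example, not code from the patent or from Patentable; the class and function names, the HMAC-based framing that stands in for a key-defined "format", the toy XOR key wrap, and the sample IP addresses and identity label are all assumptions made for illustration.

```python
import hashlib, hmac, os

def seal(key, payload):
    # Frame = payload || HMAC-SHA256(key, payload); the key in use defines the "format".
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def unseal(key, frame):
    # Payload if the frame is in this key's format, otherwise None ("unrecognized").
    payload, tag = frame[:-32], frame[-32:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

def wrap(key, nonce, data):
    # Toy XOR pad for 32-byte keys (assumption); a real design would use an AEAD key wrap.
    pad = hmac.new(key, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class IdentityService:
    def __init__(self, old, new, known):
        self.old, self.new, self.known = old, new, known
    def rekey(self, frame, ident):
        # Rekey only a known identity whose frame verifies under the old key.
        if ident not in self.known or unseal(self.old, frame) is None:
            return None
        nonce = os.urandom(16)
        return seal(self.old, nonce + wrap(self.old, nonce, self.new))

class Router:
    def __init__(self, key, service, identities):
        self.key, self.service, self.identities = key, service, identities
    def receive(self, src_ip, frame):
        payload = unseal(self.key, frame)
        if payload is not None:
            return "accepted", payload
        ident = self.identities.get(src_ip)  # IP mapped to retained identity (claim 3)
        reply = self.service.rekey(frame, ident)
        return ("relayed", reply) if reply else ("dropped", None)

def demo():
    old, new = os.urandom(32), os.urandom(32)  # constructed sample keys
    router = Router(new, IdentityService(old, new, {"laptop-1"}), {"10.0.0.5": "laptop-1"})
    key = old  # participant state: still on the old key
    first, reply = router.receive("10.0.0.5", seal(key, b"hello"))   # 1st transmission
    body = unseal(key, reply)                                         # 2nd, relayed back
    key = wrap(key, body[:16], body[16:])                             # participant reconfigured
    third, payload = router.receive("10.0.0.5", seal(key, b"hello")) # 3rd, recognized
    stranger, _ = router.receive("10.0.0.9", seal(old, b"hi"))       # unknown IP, old key
    return first, unseal(new, reply), third, payload, key == new, stranger

if __name__ == "__main__":
    print(demo())
```

The second element of the result is `None` because the relayed response is sealed under the old key, so the router forwards it without being able to read it, as claim 14 describes.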

Patent Metadata

Filing Date: April 30, 2010

Publication Date: January 17, 2012

Cite as: Patentable. “Key distribution” (US-8098828). https://patentable.app/patents/US-8098828